Intel PROset/Wireless S24EvMon.exe service information disclosure
| intel-s24evmon-information-disclosure (26317) |  Medium Risk |
Description:
Intel PROset/Wireless Softwhasinsecure permissions. An attacker could exploit this vulnerability to obtain sensitive wireless configuration information.
Consequences:
Obtain Information
Remedy:
Refer to the Intel Web site for patch, upgrade, or suggested workaround information. See References.
References:
- BugTraq Mailing List, Tue May 02 2006 - 13:59:54 CDT: Intel wireless service s24evmon.exe confidential information disclosure..
- Intel Web site: Intel PROSet/Wireless Software.
- BID-17914: Intel PROset/Wireless Local Information Disclosure Vulnerability
- CVE-2006-2316: S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passwords or other data, or cause a denial of service.
- SA20001: Intel PROset/Wireless Software Multiple Vulnerabilities
- SECTRACK ID: 1016621: Intel PRO/Centrino Wireless Drivers Let Local and Remote Users Execute Arbitrary Code
- VUPEN/ADV-2006-1737: Intel PROset/Wireless Software Insecure Shared Section Information Disclosure
Platforms Affected:
- Intel PROSet Wireless 10.1.0.33
- Microsoft Windows XP Home
- Microsoft Windows XP Tablet PC
- Microsoft Windows XP Professional
Reported:
May 02, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net